generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated FIPS status

Browse Source
This commit is contained in:
Dr. Stephen Henson 2011-04-06 13:40:36 +00:00
parent 42bd0a6b3c
commit 161cc82df1
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README.FIPS
View File

@ -44,11 +44,14 @@ Known issues:
Algorithm tests are pre-2011.
The fipslagtest.pl script wont auto run new algorithm tests such as DSA2.
Usage of ECDH/DH needs review and adding appropriate self tests.
Usage of ECDH/DH needs review and whether any KDFs need to be implemented.
Selftests need updating with larger key sizes in some cases and redundant
tests pruned.
SP800-90 DRBG needs more work: health checks, continuous PRNG test,
entropy gathering, security checks in algorithms, add appropriate RAND method
for use by rest of OpenSSL.
No CMAC.
SP800-90 DRBG needs more work: check for compliance, continuous PRNG test
when entropy gathering, periodic health tests.
Some algorithms need to check security strength of PRNG: keygen etc.
No CCM.
No XTS.
The "FIPS capable OpenSSL" is not yet complete: meaning that the rest of
OpenSSL doesn't always use the correct FIPS module APIs and block others
in FIPS mode.